The most common infection currently is what is known as a fake antivirus infection. It is far more prevalent than any other infection out there for either Windows or Mac OS X. In the previous posts, we explained how to avoid getting a fake antivirus. In this post, we have a special message for all of our Mac friends.

A Note About Safari

Safari is Apple’s pre-loaded web browser that can be found on all Apple computers and smartphones. However, there is a particular setting that you can adjust in Safari that could help keep you from catching a fake antivirus. If you turn off the option to open “safe” files after downloading, you can potentially stop a fake antivirus installer from running automatically if you accidentally click on a link to download it.
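For anyone who looks after several Macs, the check below reads Safari's preference file and reports whether that option is still on. It is an added example, not part of the original post; the function names are hypothetical, and the two plist locations and the treatment of a missing key as "enabled" are assumptions stated in the comments.

```python
import plistlib
from pathlib import Path

# Preference key behind Safari's "Open 'safe' files after downloading" box.
KEY = "AutoOpenSafeDownloads"

# Assumed locations, relative to a user's home folder: the sandboxed
# container used by newer Safari versions first, then the legacy path.
CANDIDATES = (
    "Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari.plist",
    "Library/Preferences/com.apple.Safari.plist",
)

def auto_open_enabled(plist_bytes):
    """True if this preference file leaves auto-open switched on."""
    prefs = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    # Assumption: a missing key means the checkbox was never touched,
    # and the untouched default is enabled.
    return bool(prefs.get(KEY, True))

def audit_home(home):
    """Return (path, status) for the first Safari plist found under home."""
    for rel in CANDIDATES:
        path = Path(home) / rel
        if not path.is_file():
            continue
        try:
            enabled = auto_open_enabled(path.read_bytes())
        except Exception as exc:  # corrupt file, or read blocked by macOS
            return str(path), "unreadable: %s" % exc
        return str(path), "AUTO-OPEN ON" if enabled else "auto-open off"
    return None, "no Safari preferences found"

if __name__ == "__main__":
    print(audit_home(Path.home()))
```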

Don’t Rely on Mac Alone

Apple computers have a built-in malware detector called XProtect. While this is better than no detector at all, it is extremely basic and not sufficiently powerful to keep your computer safe. As an example, XProtect will not detect malware found on a USB device or anything already installed on your computer. It also relies on a once-a-day push from Apple to update, leaving you without an option to manually update it yourself.

Yes, Virginia, Macs DO Get Viruses

Contrary to what many people will tell you, Apple computers can get infected with malicious software. As they become more and more popular, you are going to see more and more attacks on Apple computers. Without a genuine antivirus or anti-malware product, you are just leaving yourself open for attack.

We do have a word of warning, however. We do not recommend purchasing your antivirus or anti-malware software from Apple’s App Store. As a condition of being listed in the App Store, all apps must exclude what is called a kernel-based filtering component, which is used to allow active scanning of your computer while you use it. Without that, your antivirus is nothing more than an on-demand program that is not actively protecting you at all.

The most common infection currently is what is known as a fake antivirus infection. It is far more prevalent than any other infection out there for either Windows or Mac OS X. In the previous posts, we explained how to tell if you have a fake antivirus. In this post, we’ll tell you how to protect yourself from acquiring it in the first place.

But I Already Have an Antivirus!

There are many ways to stop a fake antivirus from infecting your computer. However, malware is a very complex thing, meaning you need more than just an antivirus program to keep yourself safe. Not every antivirus product will catch every infection, but having more than one antivirus is bad for your computer. The best way to get around this is to have one active scanning antivirus like Microsoft Security Essentials and supplement that with one or two on-demand scanning anti-malware programs like Malwarebytes.

What Do You Mean I Shouldn’t Go to That Site?

Many computers targeted for fake antivirus malware are being used to do something illegal. For example, if you are downloading free music, watching movies online that are still in the theatres, or going to websites with questionable adult content, you are at a significantly higher risk of gaining these types of infections. People who set up the fake antivirus to download when you visit those types of websites are very aware that you probably will not try to report them, as you are also doing something illegal yourself. By doing that and adding in the scare tactics commonly used to trick you into purchasing the fake antivirus, they have a winning combination.

I Hate Doing Updates!

There are three reasons companies put out updates for their software programs: to fix a programming bug, to add new features to the product, and/or to fix a security hole. When something asks you to update Java or Flash or even Windows, we highly recommend that you do those updates. If you are concerned that what is popping up is not coming from the actual software, you can always go to the manufacturer’s website and download the update from there. By not doing updates, you are potentially leaving yourself open to threats that might not have been around yesterday but are knocking at your door today.

Is This Safe?

The best defense against this and any other infection is knowledge. It is always better to avoid getting the infections in the first place than to clean them off after they have already caused trouble. We know you’ve heard us mention looking before you click, but what happens when you’re not sure if something is safe or not? For that, we are happy to help you out. If there’s something you’re not sure is legitimate or not, go ahead and call us during our normal business hours and we’ll do our best to steer you in the right direction. As always, trust your gut and if you’re not sure, don’t do it.

The most common infection currently is what is known as a fake antivirus infection. It is far more prevalent than any other infection out there for either Windows or Mac OS X. In the previous posts, we explained just what this creature is and how it gets into your computer. In this post, we’ll tell you just how to know if you have it or not.

What Is This?

The easiest way to tell if you have the fake antivirus infection is to see if you have something popping up on your computer that is asking you to purchase something after scanning your computer for threats. Many times, the code beneath the fake antivirus malware is the same from person to person, but the infection re-skins itself, which means it shows a different image, to look like a program you already have installed. Many times, you can tell that it is not, in fact, your true antivirus because it will have spelling and grammar errors or the fine print will tell you that you need to purchase something.

I Can’t Open the Control Panel or My Antivirus

If you are more technically minded, you may look to your Control Panel to find out what is going on when your computer shows you this type of infection. However, many times the fake antivirus program will disable your Task Manager or Control Panel access, claiming it was caused by the however-many infections it ‘found’ on your computer. Other times, it will disable your true antivirus entirely, since if you suspect infections, you’re more likely to try to run your antivirus software to fix the problem. Both of these occurrences increase the likelihood that you will purchase their fake antivirus software when you notice that something is amiss.

The Internet Is Going Crazy!

When you type a website name into your web browser, you expect it to take you to that website. When it doesn’t, that could mean that you have a fake antivirus infection. This is especially true if it takes you to a website that asks you to purchase their product or you could continue unprotected. This also adds to the user’s fear that something may be wrong with the computer, thus encouraging them to purchase the software ‘just to be safe’.

The most common infection currently is what is known as a fake antivirus infection. It is far more prevalent than any other infection out there for either Windows or Mac OS X. In the previous post, we explained just what this creature is. In this post, we’ll tell you how to catch it.

It Just Popped Up and Started Scanning!

The most common way the fake antivirus arrives is through a popup from a website. This popup pretends to scan your computer, showing you all the threats that it found during its preliminary scan. Once the scan is complete, it tells you that in order to do a full ‘free’ scan, it needs you to download the program. This social engineering approach is very common with many current types of malware. The unsuspecting user then downloads the ‘program’ in hopes that it will remove all of the problems that his or her computer apparently suffers from. In downloading this program, the user is, in fact, downloading the fake antivirus infection.

I Just Wanted to Watch a Movie!

If you are attempting to watch a movie online, particularly a movie for free or one that is still in theatres, you run a very high risk of running into this next form of fake antivirus infection. When you arrive at the movie’s website, you will be prompted to download a codec to be able to watch the movie. This ‘codec’ is actually the fake antivirus malware, which will usually pop up with a scanning box like the one mentioned above anywhere from a few minutes to a few hours after downloading the fake codec.

The Post Office and My Bank Infected My Computer!

Clicking on a link to a website from your email or an instant message can be a potentially dangerous thing, especially if it looks completely legitimate. Many messages that are not caught by your email provider’s spam filter look like they actually came from the Post Office, a carrier service, or a bank. If you receive any messages regarding these things, think twice about clicking on the link in the message.

Account Suspension or Account Cancellation

The message suggests that an account that you hold, be it a bank account or some other account, has been locked or cancelled due to suspicious activity. The message then goes on to explain that by clicking on the link, you will be taken to a page that will help you resolve this issue. This page, however, installs the fake antivirus malware onto your computer.

You’ve Received an E-Card

The message appears to come from a legitimate electronic greetings company. It asks that you click on the link to view the card. By clicking on the link, you are installing the fake antivirus malware onto your computer.

Password Reset

The message informs you that your password for your online account with a legitimate company has been reset for various reasons. You are then prompted to click on a link within the message to enter a new password for the account. By clicking on the link, the fake antivirus malware is installed.

Attempted Package Delivery or Problem with Package Delivery

The message from one of the popular carrier services (UPS, FedEx, DHL, USPS, etc.) informs you that a package that is being delivered to you either failed to be delivered or there was a problem with the package itself. The message requests that you click on the link to resolve the issue. The link actually takes you to a website where the fake antivirus malware is installed on your computer.

My Cousin Gave It to Me!

With the prevalence of email account hacking, we’re seeing a large amount of ‘friendly spam’ coming into our inboxes. Friendly spam is unwanted email that seems to come from someone you are already in contact with. The infection creator or their proxy will compromise an email account, and then send out an email to that account’s contact list requesting that a link within the email be clicked on. When the unsuspecting recipient clicks on the link, their computer is infected with the fake antivirus malware.

This Website Infected My Computer!

The last popular place the fake antivirus malware comes from is compromised websites. Many websites that are compromised have code placed into them that will download the fake antivirus malware onto your computer without even asking you if it can install it. Many of these websites are smaller websites that may or may not be updated frequently by their owners. The larger websites, run by larger companies such as Microsoft, Adobe, and Apple, have teams dedicated to making sure their website runs as it is supposed to, which is why you usually won’t see any of this malicious code placed on the big name websites. The small business websites, however, many times are created once and never looked at again. These websites are prime targets for those who wish to infect them with drive-by downloads of the fake antivirus malware.

The most common infection currently is what is known as a fake antivirus infection. It is far more prevalent than any other infection out there for either Windows or Mac OS X. How can you tell the difference between this and other infections, or even this and your antivirus software?

Just What It Says on the Tin

A fake antivirus program is exactly what it sounds like. When this infection arrives on your system, it opens a window that claims to have found one or more dangerous security threats from a quick scan of your computer. These threats probably do not even exist on your computer, but this legitimate looking software is telling you, at no cost, just how many problems you probably don’t have before asking you for your credit card number to fix them. Regardless of how many times you close the window, it will keep popping up until you either pay the money they ask for or the fake antivirus is removed.

Show Me the Money

What has caused infection writers to move towards the fake antivirus infection? The answer is surprisingly simple: people hand over more money with the fake antivirus infections than any other class of malware. Compared to malware such as backdoor Trojans, downloaders and password stealers, fake antivirus software typically draws in between $80 and $120 per individual that pays for it.

My Mac Is Safe, Right? Right?

Wrong. We are seeing a large number of new infections specifically targeting Apple computers. The Mac sector of malware is advancing faster than any other sector currently, and they are taking many of the things they learned by attacking Windows computers to these infections. The infection creators are using social media tactics to trick Apple computer users in the same fashion that they trick Windows users. Additionally, the search engine poisoning and rebranding of fake antivirus infections can affect both Mac and PC users.

Real vs. Fake

How do you tell the difference between a real antivirus and a fake antivirus? Simply put, know what antivirus you have installed on your computer. If something pops up that tells you it is from some company you’ve never heard of and you have Microsoft Security Essentials installed, you know that it is not your antivirus.

Below, you’ll see some of the names the more common fake antivirus infections take on to try to trick you into giving them a credit card number.

Security Shield

Windows XP Recovery

Security Tool

Internet Defender

PC Security Guardian

BitDefender 2011

Antimalware Tool

Smart Internet Protection

AntiVirius AntiSpyware 2011

Malware Protection

XP Security 2012

Security Protection

XP Antivirus 2012

XP Anti-Spyware 2011

MacDefender

Mac Security

Any names that sound similar to those above are probably also suspicious.
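To make "sounds similar" something you can check, the added example below (not part of the original post) compares program or window names against the list above after stripping years, spacing and punctuation, so a re-skinned or re-dated variant still matches. The function names, the 0.8 similarity threshold and the sample names are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Names copied from the list above, spelled as the page prints them.
KNOWN_FAKES = [
    "Security Shield", "Windows XP Recovery", "Security Tool",
    "Internet Defender", "PC Security Guardian", "BitDefender 2011",
    "Antimalware Tool", "Smart Internet Protection",
    "AntiVirius AntiSpyware 2011", "Malware Protection", "XP Security 2012",
    "Security Protection", "XP Antivirus 2012", "XP Anti-Spyware 2011",
    "MacDefender", "Mac Security",
]

def normalize(name):
    """Lower-case and drop year stamps, spaces and punctuation."""
    name = re.sub(r"(?:19|20)\d{2}", "", name.lower())
    return re.sub(r"[^a-z0-9]", "", name)

def closest_fake(name, threshold=0.8):
    """Return (listed_name, score) if name resembles a listed fake, else None."""
    target = normalize(name)
    scored = [(fake, SequenceMatcher(None, target, normalize(fake)).ratio())
              for fake in KNOWN_FAKES]
    best = max(scored, key=lambda pair: pair[1])
    return best if best[1] >= threshold else None

def triage(names):
    """Map each suspicious name to the listed fake it most resembles."""
    hits = {}
    for name in names:
        match = closest_fake(name)
        if match:
            hits[name] = match[0]
    return hits

# Constructed sample: window titles and program names from one machine.
SAMPLE = ["XP Anti-Virus 2013", "Mac Defender", "Security Sheild",
          "Microsoft Security Essentials", "Malwarebytes"]

if __name__ == "__main__":
    for seen, listed in triage(SAMPLE).items():
        print("%-20s resembles listed fake %r" % (seen, listed))
```

A match is a lead rather than a verdict: the list includes names such as BitDefender 2011 that imitate real products, so compare any hit against the antivirus you know you installed.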